Annotation of src/usr.bin/lock/lock.c, Revision 1.21
1.21 ! jmc 1: /* $OpenBSD: lock.c,v 1.20 2003/06/03 02:56:10 millert Exp $ */
1.2 deraadt 2: /* $NetBSD: lock.c,v 1.8 1996/05/07 18:32:31 jtc Exp $ */
1.1 deraadt 3:
4: /*
5: * Copyright (c) 1980, 1987, 1993
6: * The Regents of the University of California. All rights reserved.
7: *
8: * This code is derived from software contributed to Berkeley by
9: * Bob Toxen.
10: *
11: * Redistribution and use in source and binary forms, with or without
12: * modification, are permitted provided that the following conditions
13: * are met:
14: * 1. Redistributions of source code must retain the above copyright
15: * notice, this list of conditions and the following disclaimer.
16: * 2. Redistributions in binary form must reproduce the above copyright
17: * notice, this list of conditions and the following disclaimer in the
18: * documentation and/or other materials provided with the distribution.
1.20 millert 19: * 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 20: * may be used to endorse or promote products derived from this software
21: * without specific prior written permission.
22: *
23: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33: * SUCH DAMAGE.
34: */
35:
36: #ifndef lint
37: static char copyright[] =
38: "@(#) Copyright (c) 1980, 1987, 1993\n\
39: The Regents of the University of California. All rights reserved.\n";
40: #endif /* not lint */
41:
42: #ifndef lint
43: #if 0
44: static char sccsid[] = "@(#)lock.c 8.1 (Berkeley) 6/6/93";
45: #endif
1.21 ! jmc 46: static char rcsid[] = "$OpenBSD: lock.c,v 1.20 2003/06/03 02:56:10 millert Exp $";
1.1 deraadt 47: #endif /* not lint */
48:
49: /*
50: * Lock a terminal up until the given key is entered, until the root
51: * password is entered, or the given interval times out.
52: *
53: * Timeout interval is by default TIMEOUT, it can be changed with
54: * an argument of the form -time where time is in minutes
55: */
56:
57: #include <sys/param.h>
58: #include <sys/stat.h>
59: #include <sys/time.h>
60: #include <signal.h>
61:
62: #include <ctype.h>
63: #include <err.h>
64: #include <pwd.h>
1.13 millert 65: #include <readpassphrase.h>
1.1 deraadt 66: #include <stdio.h>
1.2 deraadt 67: #include <stdlib.h>
1.1 deraadt 68: #include <string.h>
69: #include <termios.h>
1.2 deraadt 70: #include <unistd.h>
1.1 deraadt 71:
1.13 millert 72: #include <login_cap.h>
73: #include <bsd_auth.h>
1.7 millert 74:
1.1 deraadt 75: #define TIMEOUT 15
76:
1.15 millert 77: void bye(int);
78: void hi(int);
1.1 deraadt 79:
80: struct timeval timeout;
81: struct timeval zerotime;
1.13 millert 82: time_t nexttime; /* keep the timeout time */
1.9 millert 83: int no_timeout; /* lock terminal forever */
1.1 deraadt 84:
1.13 millert 85: extern char *__progname;
86:
1.1 deraadt 87: /*ARGSUSED*/
1.9 millert 88: int
1.18 deraadt 89: main(int argc, char *argv[])
1.1 deraadt 90: {
1.18 deraadt 91: char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ], date[256];
92: char *p, *style, *nstyle, *ttynam;
93: struct itimerval ntimer, otimer;
94: int ch, sectimeout, usemine;
1.1 deraadt 95: struct passwd *pw;
96: struct tm *timp;
97: time_t curtime;
1.13 millert 98: login_cap_t *lc;
1.1 deraadt 99:
100: sectimeout = TIMEOUT;
1.13 millert 101: style = NULL;
1.1 deraadt 102: usemine = 0;
1.6 downsj 103: no_timeout = 0;
1.1 deraadt 104:
105: if (!(pw = getpwuid(getuid())))
1.17 deraadt 106: errx(1, "unknown uid %u.", getuid());
1.13 millert 107:
108: lc = login_getclass(pw->pw_class);
1.1 deraadt 109:
1.13 millert 110: while ((ch = getopt(argc, argv, "a:npt:")) != -1)
1.19 deraadt 111: switch (ch) {
1.13 millert 112: case 'a':
113: if (lc) {
114: style = login_getstyle(lc, optarg, "auth-lock");
115: if (style == NULL)
116: errx(1,
117: "invalid authentication style: %s",
118: optarg);
119: }
120: usemine = 1;
121: break;
1.1 deraadt 122: case 't':
123: if ((sectimeout = atoi(optarg)) <= 0)
124: errx(1, "illegal timeout value: %s", optarg);
125: break;
126: case 'p':
127: usemine = 1;
128: break;
1.6 downsj 129: case 'n':
130: no_timeout = 1;
131: break;
1.1 deraadt 132: case '?':
133: default:
1.10 millert 134: (void)fprintf(stderr,
1.21 ! jmc 135: "usage: %s [-np] [-a style] [-t timeout]\n",
1.13 millert 136: __progname);
1.1 deraadt 137: exit(1);
138: }
139: timeout.tv_sec = sectimeout * 60;
140:
141: gethostname(hostname, sizeof(hostname));
1.13 millert 142: if (!(ttynam = ttyname(STDIN_FILENO)))
1.1 deraadt 143: errx(1, "not a terminal?");
1.13 millert 144: curtime = time(NULL);
145: nexttime = curtime + (sectimeout * 60);
1.1 deraadt 146: timp = localtime(&curtime);
1.13 millert 147: strftime(date, sizeof(date), "%c", timp);
1.1 deraadt 148:
1.13 millert 149: if (!usemine) {
1.1 deraadt 150: /* get key and check again */
1.13 millert 151: if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) ||
152: *s == '\0')
153: exit(0);
1.1 deraadt 154: /*
155: * Don't need EOF test here, if we get EOF, then s1 != s
156: * and the right things will happen.
157: */
1.13 millert 158: (void)readpassphrase("Again: ", s1, sizeof(s1), RPP_ECHO_OFF);
1.1 deraadt 159: if (strcmp(s1, s)) {
1.13 millert 160: warnx("\apasswords didn't match.");
1.1 deraadt 161: exit(1);
162: }
1.5 deraadt 163: s[0] = '\0';
1.1 deraadt 164: }
165:
166: /* set signal handlers */
167: (void)signal(SIGINT, hi);
168: (void)signal(SIGQUIT, hi);
169: (void)signal(SIGTSTP, hi);
170: (void)signal(SIGALRM, bye);
171:
172: ntimer.it_interval = zerotime;
173: ntimer.it_value = timeout;
1.6 downsj 174: if (!no_timeout)
175: setitimer(ITIMER_REAL, &ntimer, &otimer);
1.1 deraadt 176:
177: /* header info */
1.6 downsj 178: if (no_timeout) {
1.13 millert 179: (void)fprintf(stderr,
180: "%s: %s on %s. no timeout\ntime now is %s\n",
181: __progname, ttynam, hostname, date);
1.6 downsj 182: } else {
1.13 millert 183: (void)fprintf(stderr,
184: "%s: %s on %s. timeout in %d minutes\ntime now is %s\n",
185: __progname, ttynam, hostname, sectimeout, date);
1.6 downsj 186: }
1.1 deraadt 187:
188: for (;;) {
1.13 millert 189: if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) ||
190: *s == '\0') {
1.9 millert 191: hi(0);
1.1 deraadt 192: continue;
193: }
194: if (usemine) {
1.13 millert 195: /*
196: * If user entered 's/key' or the style specified via
197: * the '-a' argument, auth_userokay() will prompt
198: * for a new password. Otherwise, use what we have.
199: */
200: if ((strcmp(s, "s/key") == 0 &&
201: (nstyle = login_getstyle(lc, "skey", "auth-lock")))
202: || ((nstyle = style) && strcmp(s, nstyle) == 0))
203: p = NULL;
204: else
205: p = s;
206: if (auth_userokay(pw->pw_name, nstyle, "auth-lock", p))
1.1 deraadt 207: break;
1.13 millert 208: } else if (strcmp(s, s1) == 0)
1.1 deraadt 209: break;
1.13 millert 210: (void)putc('\a', stderr);
1.1 deraadt 211: }
1.9 millert 212:
1.13 millert 213: exit(0);
1.1 deraadt 214: }
215:
216: void
1.18 deraadt 217: hi(int dummy)
1.1 deraadt 218: {
1.14 deraadt 219: char buf[1024], buf2[1024];
1.13 millert 220: time_t now;
1.1 deraadt 221:
1.14 deraadt 222: if (no_timeout)
223: buf2[0] = '\0';
224: else {
1.13 millert 225: now = time(NULL);
1.14 deraadt 226: (void)snprintf(buf2, sizeof buf2, " timeout in %d:%d minutes",
227: (nexttime - now) / 60, (nexttime - now) % 60);
1.6 downsj 228: }
1.14 deraadt 229: snprintf(buf, sizeof buf, "%s: type in the unlock key.%s\n",
230: __progname, buf2);
231: (void) write(STDERR_FILENO, buf, strlen(buf));
1.1 deraadt 232: }
233:
234: void
1.18 deraadt 235: bye(int dummy)
1.1 deraadt 236: {
237:
1.13 millert 238: if (!no_timeout)
1.16 millert 239: warnx("timeout");
240: _exit(1);
1.1 deraadt 241: }
![[BACK]](/icons/back.gif){kind=icon}
Return to lock.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / lock